cleantalk
Vulnerabilities and Security Researches

WP Job Portal – A Complete Job Board, CVE-2024-11712

CVE, Research URL

CVE-2024-11712

Home page URL

Security reports for WP Job Portal – A Complete Job Board

Application

WP Job Portal – A Complete Job Board

Published on
Dec 14, 2024
Research Description
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getResumeFileDownloadById() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to download other users resumes.
Affected versions
Min -, max 2.2.3.
Status
vulnerable
Previous vulnerability researches
WP Job Portal – A Complete Job Board (CVE-2024-11711) , Dec 15, 2024
WP Job Portal – A Complete Job Board (CVE-2024-35759) , Jun 22, 2024
WP Job Portal – A Complete Job Board (CVE-2024-35760) , Jun 22, 2024
WP Job Portal – A Complete Job Board (CVE-2024-11714) , Dec 15, 2024
WP Job Portal – A Complete Job Board (CVE-2024-11710) , Dec 15, 2024
New vulnerability
Frontend Dashboard (CVE-2025-4104) , May 08, 2025
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce (CVE-2025-0671) , May 08, 2025
Pods – Custom Content Types and Fields (CVE-2025-1446) , May 08, 2025
WP-Recall – Registration, Profile, Commerce & More (CVE-2024-9771) , May 08, 2025
WordPress Tag and Category Manager – AI Autotagger (CVE-2025-0627) , May 08, 2025